This post focuses only on including the App Role in the SAML response. Please refer to the following posts for Setup the App Role and Setup the SAML SSO. Once you have the App Role set up, user.assignedroles will be available among the claim source attributes. Just select it from the drop-down in your claim setup.
Showing posts from November, 2019
I actually tried to figure out the how-to from this article, Application roles.

1. Go to Azure Active Directory > App Registrations

For step 5, here are some tips/rules to follow. The displayName and value must each be one word; no spaces are allowed. I learned this the hard way. The id can be generated using this Online GUID generator. Also, in order to support multiple group assignment, groupMembershipClaims in the manifest must be set to "All"; the default value is null. See below:

"groupMembershipClaims": "All",

Once this is updated, the new role will be visible in the user/group assignment.

7. Go to Azure Directory > Enterprise App > Your App > Users and Groups > Add User

The user/group list will be displayed accordingly. Ta-da, done~

Roles set up in this way are meant for this particular application only. As for using roles from an Azure AD security group, I haven't checked that out.
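The manifest rules from the tips above can be checked before the manifest is saved. The script below is an added example, not code from the original post: it builds an appRoles entry with a locally generated GUID and flags entries that break the one-word rule, carry a malformed or duplicate id, or sit in a manifest where groupMembershipClaims is not "All". The helper names and the sample manifest are constructed for illustration; allowedMemberTypes, description and isEnabled are appRoles manifest fields that the post does not mention.

```python
import uuid

def new_app_role(display_name, value, description):
    """Build one appRoles entry; the id is a GUID generated locally."""
    return {
        "allowedMemberTypes": ["User"],
        "description": description,
        "displayName": display_name,
        "id": str(uuid.uuid4()),
        "isEnabled": True,
        "value": value,
    }

def check_manifest(manifest):
    """Return a list of problems in the role-related manifest keys."""
    problems = []
    seen_ids = set()
    for i, role in enumerate(manifest.get("appRoles", [])):
        label = f"appRoles[{i}]"
        # Rule as stated in the post: one word, no spaces.
        for key in ("displayName", "value"):
            text = role.get(key) or ""
            if not text or any(ch.isspace() for ch in text):
                problems.append(f"{label}.{key} must be one word without spaces")
        try:
            role_id = str(uuid.UUID(str(role.get("id"))))
        except ValueError:
            problems.append(f"{label}.id is not a GUID")
        else:
            if role_id in seen_ids:
                problems.append(f"{label}.id duplicates another role")
            seen_ids.add(role_id)
    # Setting the post requires for multiple group assignment.
    if manifest.get("groupMembershipClaims") != "All":
        problems.append('groupMembershipClaims is not "All"')
    return problems

# Constructed sample: the second role and the claims setting are wrong on purpose.
SAMPLE_MANIFEST = {
    "appRoles": [
        new_app_role("Approver", "Approver", "Can approve requests"),
        {"allowedMemberTypes": ["User"], "description": "Can read reports",
         "displayName": "Report Reader", "id": "not-a-guid",
         "isEnabled": True, "value": "Report Reader"},
    ],
    "groupMembershipClaims": None,
}

if __name__ == "__main__":
    for problem in check_manifest(SAMPLE_MANIFEST):
        print(problem)
```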